Brisbane City Council App #2 - Coggle Diagram
Brisbane City Council App #2
Data Security
Security Strategy
Australian Privacy Principles (APP)
APP 2: Anonymity and pseudonymity
APP 3: Collection of solicited personal information
APP 4: Dealing with unsolicited personal information
APP 5: Notification of the collection of personal information
APP 1: Open and transparent management of personal information
APP 6: Use or disclosure of personal information
APP 7: Direct marketing
APP 8: Cross-border disclosure of personal information
APP 9: Adoption, use or disclosure of government related identifiers
APP 10: Quality of personal information
APP 11: Security of personal information
APP 12: Access to personal information
APP 13: Correction of personal information
APPs that will be used in the application:
APP 3: Will be used to ensure that the application can actually collect and store personal information
APP 5: Will be in place to ensure that the individual is aware that their personal information is being collected
APP 6: The app can only use or disclose personal information for a purpose relevant to why it was collected
APP 11: The app must take steps to protect the personal information that it stores. It can destroy or de-identify personal information if required
APP 13: Sets out obligations for correcting the personal information the app holds about individuals
CIA Triad
CIA Triads
Integrity
Integrity ensures that information remains authentic and unchanged and that the source of the information is reliable
Provides assurance that the information is trustworthy and accurate
Example: An online store is attacked and the attacker changes the prices of the products. This could allow them to buy any product they want for the price they want to pay for it
Impacts: A failure of integrity has occurred because the price of a product was changed by an unreliable source. A failure of integrity can also occur when an online attacker manages to store data on a different website; this new website is not trustworthy
Availability
Availability is when the information is accessible by authorised users.
Provides a guarantee of reliable access to the information by certain people
Example: Attacks designed to make information inaccessible to a third party
Impacts: If an attacker is not able to compromise the first two elements of information security (confidentiality and integrity) they may try to execute attacks like denial of service (DoS) that would crash the server, which would also stop access from authorised users
Confidentiality
Confidentiality is protecting information from being accessed by unauthorised parties. Only authorised people can gain access to sensitive data.
This also creates a set of rules that limits the access to personal information
Example: Your bank records should only ever be accessed by yourself or bank staff who are assisting you
Impacts: Failure to maintain confidentiality means that someone who shouldn't have access has managed to obtain this data. Loss of confidentiality is known as a breach and cannot usually be undone. Most major security incidents involve a loss of confidentiality
Current CIA triad best implementations
Confidentiality
Data should be handled based on its required privacy
Data should be encrypted, with some form of two-factor authentication to access it
Keep access control lists and other file permissions up to date
Integrity
Ensure employees are knowledgeable about compliance and regulatory requirements
Use backup and recovery software to keep data correct
To ensure integrity, make use of version control, access control and data logs
Availability
Use preventative measures such as redundancy, failover and RAID. This will ensure that systems and applications stay updated
Use network or server monitoring systems
In case of data loss, ensure a Data Recovery and Business Continuity plan is in place
Key Algorithms
The app will retrieve the JSON data from the dataset and display it as Swift data within the app
The app will filter the JSON data through a button, based on the user's wants and needs, and display the result as Swift data
The app will be able to remove an event selected by the user from their personal list on the My Events Screen
The app will be able to add an event selected by the user on the Home Screen to their personal list on the My Events Screen
Developer Problems
Data Storage and Retrieval
The data will be extracted from the JSON data file, decoded into Swift data and displayed in the app through Swift code.
Required App Data (All data from the app that will be used in the application)
description
location
title
startDateTime
template
endDateTime
cancelled
openSignUp
dateTimeFormatted
reservationFull
signUpUrl
refundsAllowed
requiresPayment
Data Source Option
Events - JSON
Development Tools
Xcode IDE
Language: Swift
Json2table